Lethal Cyberattack Stopped Before Poisoning Water Supply in Florida

February 10, 2021Joshua Skovlund
florida sheriff discusses cyberattack


A quick-thinking water treatment technician stopped a cyber-based terrorist attack on the residents of Pinellas County on Florida’s Gulf Coast. On Friday, an unidentified hacker gained access to the Oldsmar, Florida, water treatment plant computers and adjusted the levels of sodium hydroxide, aka lye, to dangerously high levels. Thanks to the technician’s immediate actions, the setting was lowered back to normal range before any major damage could take place.

Sen. Marco Rubio of Florida said the cyberattack should be considered a national security concern, and he is asking the Federal Bureau of Investigation to investigate the apparent terrorist attack. Andrea Aprea, a public affairs specialist with the FBI’s Tampa Division, confirmed that they are working jointly with the Pinellas County Sheriff’s Office and the City of Oldsmar. 

Pinellas County Sheriff Bob Gualtieri announced the cyberattack on Monday during a press conference. He said that on Friday morning, a technician at the water plant facility noticed someone remotely access the system for a brief period before disconnecting. Gualtieri said the technician didn’t think much of it because the system had been set up with remote connection software for supervisors and others who needed remote access to the system during COVID-19 pandemic restrictions. 

At about 1:30 p.m. the same day, the same unknown individual or another hacker gained access to the system and the technician could see the mouse cursor moving around the screen, opening different windows. Then, the hacker boosted the level of sodium hydroxide from 100 parts per million to 11,100 ppm, a lethal amount. The technician who observed the changes quickly adjusted the sodium hydroxide level back to 100 ppm.

Gualtieri said, however, that even if the technician had missed the attack, early warning sensors throughout the entire water system would have alerted officials of the changing alkalinity, and the water could have been shut off before reaching the city. He asserted that the public was never in any danger because of these safety features.

Oldsmar City Manager Al Braithwaite said they’ve “anticipated that this day was coming” and have trained for it, but he wasn’t aware of any previous attempts before Friday’s cyberattack. 

The cyberattack in Oldsmar, about 15 miles west of Tampa, Florida, is a direct attack on critical infrastructure. Local, state, and federal law enforcement are putting all hands on deck to track down the hacker who infiltrated the system. 

Andrew Crerar, a development operations engineer who supports the infrastructure of government and military projects, told Coffee or Die Magazine that he believes there are three different types of bad actors possible with an incident such as the attack on the Oldsmar city water facility. 

oldsmar florida
The Oldsmar, Florida, water treatment facility, site of a cyberattack on Friday, Feb. 5, 2021. Screenshot via YouTube.

First, Crerar referred to a type of attacker known as a “script kiddie.” This is the most rudimentary possibility, he said, meaning a mischievous, entry-level hacker who uses preexisting tools to hack into various systems — who isn’t directly trying to commit an act of terror but more or less seeing how far they can get.  

“Script kiddies are people who get on the internet and they basically get scripts and packages that already exist, and they’re usually motivated by just kind of seeing what they can do,” said Crerar. “Granted, they can cause some serious damage — it’s not that they shouldn’t be taken seriously.”

Second, Crerar cited the possibility of an insider attack committed by a current or former disgruntled employee who still has remote access and wants revenge. He explained that some facilities don’t change their system passwords often enough, which creates security risks.

The third possibility, according to Crerar, is that an experienced foreign or domestic hacker intentionally breached the system to commit an act of terror. Crerar went on to explain that these types of attacks are becoming more and more frequent. He gave an example of the recent breaches in the Department of Defense’s systems that led to stolen DOD personnel information. 

“This stuff is becoming more and more common because basically, the battlefield is shifting,” said Crerar. “Terrorism isn’t about who’s got the biggest gun as much anymore but who can control the information and who can control the digital space. They usually have a distinct advantage.”

The Tampa Police Department and the Department of Homeland Security did not respond to inquiries at the time of publication.

Read Next: Experts: Brazen Cyberattack Against US Agencies Bears Hallmarks of Russian Cyber Tradecraft

Joshua Skovlund
Joshua Skovlund

Joshua Skovlund is a former staff writer for Coffee or Die. He covered the 75th anniversary of D-Day in France, multinational military exercises in Germany, and civil unrest during the 2020 riots in Minneapolis. Born and raised in small-town South Dakota, he grew up playing football and soccer before serving as a forward observer in the US Army. After leaving the service, he worked as a personal trainer while earning his paramedic license. After five years as in paramedicine, he transitioned to a career in multimedia journalism. Joshua is married with two children.

More from Coffee or Die Magazine
dear jack mandaville
Dear Jack: Which Historic Battle Would You Want To Witness?

Ever wonder how much Jack Mandaville would f*ck sh*t up if he went back in time? The American Revolution didn't even see him coming.

west point time capsule
West Point Time Capsule Yields Centuries-Old Coins

A nearly 200-year-old West Point time capsule that at first appeared to yield little more than dust contains hidden treasure, the US Military Academy said.

Ouija Board aircraft carrier
Low-Tech ‘Ouija Boards’ Have Helped Aircraft Carriers Operate for Decades

Since the 1920s, a low-tech tabletop replica of an aircraft carrier’s flight deck has been an essential tool in coordinating air operations.

Army vs. Navy mascot
The Navy Goat vs. the Army Mule: Mascot Origin Stories

For nearly as long as the Army-Navy football rivalry, the academies’ hoofed mascots have stared each other down from the sidelines. Here are their stories.

ukraine long-range weapon
Zelenskyy Says Ukraine Has Developed a Long-Range Weapon, a Day After Strike Deep Inside Russia

Zelenskyy said on his Telegram channel the weapon was produced by Ukraine’s Ministry of Strategic Industries but gave no other details.

7 of the Best Movie Ambush Scenes of All Time

Ambushes make for great action scenes. Here are seven of the best to ever grace the big screen.

North Korean leader Kim Jong Un, center, with his daughter, center right, reportedly named Ju Ae, review the honor guard during their visit to the navy headquarter in North Korea
North Korea Launches Missile Toward Sea After US Flies Bomber During Drills

South Korea’s Joint Chiefs of Staff said in a statement that the launch occurred Wednesday but gave no further details, such as how far the missile flew.

  • About Us
  • Privacy Policy
  • Careers
Contact Us
Contact Us
© 2023 Coffee or Die Magazine. All Rights Reserved